INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following personal data about You:
- Information and documentation that You as a Visitor, Merchant or Customer provide by filling in the Application form or the Contact Us form available at https://ecommpay.com (hereinafter – the “Website”). Such information may include Your name, surname, e-mail address, telephone number and the name of Your company and other information which You provide;
- Information and documentation that You as a Merchant provide to us in order to conclude an agreement. Such information may include, but is not limited to, Your name, date of birth, home, work or other physical address, country, telephone number, e-mail address, company name, company number, current position, previous places of employment, education, passport or ID data; payment account number, information regarding the beneficial ownership in other companies;
- Information and documentation that You as a Visitor provide to us during the process of applying for a job vacancy. Such information may include Your name, date of birth, home address, country, telephone number, e-mail address, company name, current position, previous places of employment, education and other information which You provide;
- A record of correspondence / communication and/or the telephone call in the event You contact us. Such record may include Your name, surname, e-mail address, telephone number, name of Your company and other personal data You may disclose to us during such communication;
- Where You as a Merchant have been granted access to the Client Interface – details of Your visits, including, but not limited to, location data, weblogs, other communication data and the resources that are accessed by You;
- Where You as a Customer use the payment page in connection to our services in order to initiate a transaction and/or the Merchant initiates a transfer of funds to You – Your personal data, including, but not limited to, name, surname, e-mail address, telephone number, details of Your payment instrument, including, but not limited to, card number, card expiry date, CVC/CVV code, credit/financial institution and/or issuer details and information relating to the purchased products or services, including the location and time of the transaction;
- Information about You as a Customer or as a Merchant, which we receive from other sources, including, but not limited to, our business partners, service providers and subcontractors. Such information may include the data provided by the card organisations, payment service providers, credit reference agencies and other third parties, as well as publicly available information.
We may also collect non-personal information about You, which does not identify You as a specific individual. Such non-personal information that we may collect includes:
- Browser and device data, for instance, IP address, operating system and browser type. This is statistical data about the Website users’ browsing actions and patterns and does not identify any individual;
- Cookie data, such as time spent on the Website, pages visited, language preferences, and other anonymous traffic data;
- Company data, such as a company’s name, product and service offerings, jurisdiction.
HOW WE USE PERSONAL DATA
We use Your personal data in order to provide our services/products to You, in the capacity of a Merchant, and to respectively conclude contracts and carry out our contractual obligations. In this regard, we rely on a contract entered into by You and ECOMMPAY as the valid ground for the processing of Your personal data.
We use Your personal data to enable You, in the capacity of a Customer, to make use of our services/products which we provide to the Merchant, e.g. make payments on the Merchant’s website. In this regard, we rely on the legitimate interests pursued by us.
We are also required by law to constantly carry out various activities for the prevention of fraud, money laundering and terrorism financing, as well as for compliance with other legal obligations. In this regard, we rely on the necessity to comply with legal obligations as the valid ground for the processing of Your personal data.
In addition, we process personal data in order to carry out various marketing activities and in this regard, we rely on Your consent as the valid ground for the processing of Your personal data.
Examples of how we may use Your personal data include:
- to provide You with information, products or services requested from us;
- to provide You with information, which we feel may interest You, provided that You have consented to be contacted for such purposes;
- to notify You about changes to our products or services;
- to process transactions/payments;
- to ensure that content from the Website is presented in the most effective manner and to keep our Website safe and secure;
- to allow You to use interactive features of our Website;
- to administer our Website;
- to verify Your identity for legal/regulatory compliance purposes;
- to conduct monitoring against any possible fraud, money laundering, terrorism financing or crime risks;
- to respond to Your inquiries and provide customer support;
- to conduct market research and carry out marketing activities.
HOW LONG WE WILL KEEP YOUR PERSONAL DATA
We will store Your personal data for the period necessary to fulfil the purposes listed above, unless a longer retention period is required or permitted by law. Please be aware that we may be required to retain Your personal data for various legal or regulatory reasons, for example, to ensure that transactions are appropriately processed, settled, refunded or charged-back, as well as to investigate any potential fraud and to comply with anti-money laundering and counter-terrorism financing laws and other legal requirements. This means that in the event where You, in the capacity of a Merchant or a Customer, cease to make use of our services, we will still retain certain personal data in order to carry out our legal obligations.
USE OF SERVICES BY MINORS
The services/products we provide are not directed to persons under the age of sixteen and we kindly ask such persons to not disclose their personal data to us.
HOW WE DISCLOSE PERSONAL DATA
In certain circumstances we may disclose the personal data we have gathered about You to the following categories of recipients:
- Our group companies. In order to provide our services/products, we share personal data with our group companies. ECOMMPAY LIMITED is the entity responsible for the general use of personal data by other group companies in relation to the services/products provided by ECOMMPAY LIMITED. Our group companies are responsible for the use of personal data in relation to the services provided respectively by them. This includes our group company and partner ECOMMBX Ltd, with whom we may share data for the purpose of enabling service provision. You can get acquainted with the Privacy Statement of ECOMMBX Ltd here;
- Third-party financial institutions. This may include card organisations, payment systems and credit/financial institutions where You as a Merchant or a Customer maintain Your payment account or any other type of account;
- Credit reference agencies. We may share personal data with credit reference agencies to conduct credit checks and obtain credit reports;
- Third-party service providers. We disclose personal data to service providers only when it is necessary to ensure the provision of our services, including, but not limited to processing of payments/transactions.
- Third-parties in relation to transfer of business. For instance, if we sell any business or assets or merge with another business entity, it may be necessary to disclose personal data to the prospective business owners or partners.
- Our Merchants. We may disclose certain personal data, which you have provided to us or which we have received about you as a Customer, to the relevant Merchants, in order to assist them with carrying out their legal obligations or their obligations towards you as their Customer.
We have also concluded Standard Contractual Clauses with all our group companies and relevant service providers that are located in the EEA, to ensure safe data transfers from EEA to UK.
You have certain rights in respect to the way we treat Your personal data:
- You are entitled to access Your personal data and receive information regarding Your personal data that we process. You can do so by either signing in to Your Client Interface account or by contacting us at firstname.lastname@example.org;
- You are entitled to rectify the information we have about You if it is inaccurate. You can do so by either signing in to Your Client Interface account or by contacting us at email@example.com;
- You are entitled to object to the processing of Your personal data;
- You have the right to revoke Your consent for processing of Your personal data for the marketing purposes. We will inform You (before collecting Your data) if we intend to use Your data for such purposes or if we intend to disclose Your information to any third party for such purposes;
- You may also request us to erase Your personal data or cease the processing of Your personal data. However, please note that this right may be subject to certain exemptions. Namely, in situations, where we are under a legal obligation to retain Your personal data, we will not be able to fulfil Your request and, in such an event, we will inform You accordingly;
- You may also request us to provide Your personal data to You or transmit it directly to another controller and we will comply with such request, provided that the personal data processing previously carried out by us was based on Your consent or was necessary for the performance of a contract and where it is technically feasible;
- You have the right to lodge a complaint to the Information Commissioners’ Office if You believe that we have not complied with the requirements of the General Data Protection Regulation with regard to Your personal data.
All information provided by You to us is stored on secure servers and we use appropriate organisational, technical and administrative measures to protect Your personal data. Once Your information is received, we use strict procedures and security features to prevent any unauthorised access. In accordance with the recommendations of the Payment Card Industry Security Standards Council, Customer card details are protected using Transport Layer encryption — TLS 1.2 and application layer with algorithm AES and key length 256 bit.
However, please note that no transmission of information via the internet is completely secure and no storage system is guaranteed to be entirely secure. If You have any reason to believe that Your interaction with us is no longer secure, please contact us immediately.
DATA PROTECTION OFFICER
We have appointed a data protection officer, whom You may contact, should You have any questions or concerns regarding our personal data processing practices. Our data protection officer’s contact information is as follows: firstname.lastname@example.org.
Level 1, Devonshire House,
1 Mayfair Place, London, England, W1J 8AJ,